Willy Tarreau:
> > > Regardless of command format details, if the proxy prepends a command
> > > to the client's SMTP stream, then postscreen must use unbuffered
> > > I/O to read that command. If buffering were turned on, the buffering
> > > layer could read past the proxy's <CR><LF> and eat up part of the
> > > client input, kind of like CVE-2011-0411.
>
> Precisely on this point there is an easier way, it consists in using
> recv(MSG_PEEK). The big advantage is that you don't need to store the
> temporary bytes you've read since they remain in the kernel's buffers.
> So it more or less looks like this:
First, just like SMTP and HTTP protocol documentation, HAPROXY documentation states nowhere that any particular information must be sent (or received) in exactly one TCP segment. If this atomicity is an essential requirement of the HAPROXY protocol, then that had better be made explicit in the documentation.

Second, it makes little sense to re-invent all the error and time-limit handling that Postfix already has. I prefer to reuse the line reading routine that postscreen already has, instead of reaching for the lowest-level kernel API.

Wietse
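The two points above in working form, as an added example that is neither Willy's snippet nor Postfix or HAProxy code: it uses recv(MSG_PEEK) so the client's bytes after the proxy's CRLF stay in the kernel buffer, and, since the page notes that nothing guarantees the header arrives in one TCP segment, it also collects a header split across segments under a poll() timeout. The function names, the socketpair check and the sample header are this example's own; the "PROXY ...\r\n" line format with its 107-byte maximum is the PROXY protocol version 1 text form.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define PP_V1_MAX 107 /* longest possible v1 header, CRLF included */

/* Length of a complete "PROXY ...\r\n" v1 header at the start of buf,
 * 0 if more bytes are needed, -1 if the bytes cannot be such a header. */
ssize_t proxy_v1_header_len(const char *buf, size_t len)
{
    if (memcmp(buf, "PROXY ", len < 6 ? len : 6) != 0) return -1;
    const char *cr = memchr(buf, '\r', len);
    if (cr == NULL) return len >= PP_V1_MAX ? -1 : 0;
    size_t hlen = (size_t)(cr - buf) + 2;
    if (hlen > len) return 0;             /* CR seen, LF not yet arrived */
    return (cr[1] == '\n' && hlen <= PP_V1_MAX) ? (ssize_t)hlen : -1;
}

/* Peek at the kernel's receive buffer and consume only bytes that belong to
 * the header, so whatever the client sent after the CRLF is never read here.
 * A header split across segments is collected piecewise under a timeout. */
ssize_t read_proxy_header(int fd, char *out, size_t outsz, int timeout_ms)
{
    size_t have = 0;                      /* header bytes consumed so far */
    while (have < outsz) {
        struct pollfd pfd = { fd, POLLIN, 0 };
        if (poll(&pfd, 1, timeout_ms) <= 0) return -1;  /* timeout/error */
        ssize_t n = recv(fd, out + have, outsz - have, MSG_PEEK);
        if (n <= 0) return -1;            /* EOF or socket error */
        ssize_t hlen = proxy_v1_header_len(out, have + (size_t)n);
        if (hlen < 0) return -1;
        size_t take = hlen > 0 ? (size_t)hlen - have : (size_t)n;
        if (recv(fd, out + have, take, MSG_WAITALL) != (ssize_t)take) return -1;
        have += take;
        if (hlen > 0) return hlen;
    }
    return -1;                            /* header does not fit in out */
}

/* Constructed check over a socketpair (hypothetical sample header and SMTP
 * command on one stream): returns 1 if the command survives intact. */
int demo(void)
{
    static const char hdr[] = "PROXY TCP4 192.0.2.10 192.0.2.20 40123 25\r\n";
    static const char cmd[] = "EHLO client.example\r\n";
    int sv[2];
    char out[PP_V1_MAX + 1], rest[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    if (write(sv[0], hdr, sizeof hdr - 1) < 0 || write(sv[0], cmd, sizeof cmd - 1) < 0) return 0;
    ssize_t hlen = read_proxy_header(sv[1], out, sizeof out, 1000);
    ssize_t rlen = recv(sv[1], rest, sizeof rest, 0);
    close(sv[0]); close(sv[1]);
    return hlen == (ssize_t)(sizeof hdr - 1) && rlen == (ssize_t)(sizeof cmd - 1)
        && memcmp(rest, cmd, (size_t)rlen) == 0;
}
```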